Connecting to an OpenVPN Server with Viscosity on wstngfw
2024-09-25 22:35:31
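This example assumes the following settings:
Site A | | Site B | |
Name | Beijing Office | Name | Shenzheng Office (Shenzhen office) |
WAN IP | 192.168.10.46 | WAN IP | 192.168.20.46 |
LAN subnet | 192.168.11.0/24 | LAN subnet | 192.168.21.0/24 |
LAN IP | 192.168.11.6 | LAN IP | 192.168.21.6 |
Note: the value entered for the tunnel network must be the exact network address of the subnet. 192.168.21.82/28 does not meet this requirement and must be changed to 192.168.21.80/28.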
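1. Configure the Shenzheng device
a. Add the OpenVPN server
Contents of the Advanced Options field: push "route 192.168.21.0 255.255.255.0";mute 10;comp-lzo;
b. Generate a client certificate for each device that will connect to the server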
    >>> Installing pfSense-pkg-openvpn-client-export...
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    The following 4 package(s) will be affected (of 0 checked):
    New packages to be INSTALLED:
    pfSense-pkg-openvpn-client-export: 1.4.18_3 [pfSense]
    openvpn-client-export: 2.4.7 [pfSense]
    zip: 3.0_1 [pfSense]
    p7zip: 16.02_1 [pfSense]
    Number of packages to be installed: 4
    The process will require 18 MiB more space.
    12 MiB to be downloaded.
    [1/4] Fetching pfSense-pkg-openvpn-client-export-1.4.18_3.txz: ... done
    [2/4] Fetching openvpn-client-export-2.4.7.txz: .......... done
    [3/4] Fetching zip-3.0_1.txz: .......... done
    [4/4] Fetching p7zip-16.02_1.txz: .......... done
    Checking integrity... done (0 conflicting)
    [1/4] Installing openvpn-client-export-2.4.7...
    [1/4] Extracting openvpn-client-export-2.4.7: .......... done
    [2/4] Installing zip-3.0_1...
    [2/4] Extracting zip-3.0_1: .......... done
    [3/4] Installing p7zip-16.02_1...
    [3/4] Extracting p7zip-16.02_1: .......... done
    [4/4] Installing pfSense-pkg-openvpn-client-export-1.4.18_3...
    [4/4] Extracting pfSense-pkg-openvpn-client-export-1.4.18_3: .......... done
    Saving updated package information... done.
    Loading package configuration... done.
    Configuring package components...
    Loading package instructions...
    Custom commands...
    Writing configuration... done.
    >>> Cleaning up cache... done.
    成功
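c. Export the CA certificate (Shenzheng-VPN-CA.crt) (the CA key does not need to be exported), the client certificate (Shenzheng-VPN-Client01.crt) and the client key (Shenzheng-VPN-Client01.key), as well as the TLS key (Shenzheng-TLS-AUTH.key).
Contents of the Shenzheng-VPN-config.conf file: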
    #-- Config Auto Generated By HG-NGFW for Viscosity --#
    #viscosity startonopen false
    #viscosity dhcp true
    #viscosity dnssupport true
    #viscosity name VPNServer
    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    auth SHA
    tls-client
    client
    resolv-retry infinite
    remote 192.168.20.46 1194 udp
    verify-x509-name "Shenzheng-VPN-Server" name
    auth-user-pass
    remote-cert-tls server
    compress lzo
    ca Shenzheng-VPN-CA.crt
    tls-auth Shenzheng-TLS-AUTH.key 1
    cert Shenzheng-VPN-Client01.crt
    key Shenzheng-VPN-Client01.key
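A small audit of the client profile above, added here as an example (it is not code from the original post, wstngfw or Viscosity). It parses the directives and checks that the server certificate is verified (remote-cert-tls, verify-x509-name), that a tls-auth or tls-crypt key is configured, and whether compression is enabled, which current OpenVPN documentation discourages. The function names are hypothetical, the sample is a constructed subset of the profile, and inline `<ca>` blocks are not handled.

```python
import shlex

# Constructed sample: a subset of the Shenzheng-VPN-config.conf directives from this page.
SAMPLE = """\
#viscosity name VPNServer
dev tun
cipher AES-256-CBC
tls-client
client
remote 192.168.20.46 1194 udp
verify-x509-name "Shenzheng-VPN-Server" name
auth-user-pass
remote-cert-tls server
compress lzo
ca Shenzheng-VPN-CA.crt
tls-auth Shenzheng-TLS-AUTH.key 1
cert Shenzheng-VPN-Client01.crt
key Shenzheng-VPN-Client01.key
"""

COMPRESSING = {"lzo", "lz4", "lz4-v2"}  # 'compress' arguments that really compress


def parse(text):
    """Map each directive to the list of argument lists it appears with."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":  # skip blanks and comment lines
            name, *args = shlex.split(line)
            opts.setdefault(name, []).append(args)
    return opts


def audit(text):
    """Return findings about server authentication and compression (hypothetical helper)."""
    opts, findings = parse(text), []
    if ["server"] not in opts.get("remote-cert-tls", []):
        findings.append("remote-cert-tls server missing: server certificate usage is not checked")
    if "verify-x509-name" not in opts:
        findings.append("verify-x509-name missing: server certificate name is not pinned")
    if not {"tls-auth", "tls-crypt"} & opts.keys():
        findings.append("no tls-auth/tls-crypt key: control channel packets are not pre-authenticated")
    lzo = any(a != ["no"] for a in opts.get("comp-lzo", []))  # bare comp-lzo compresses
    if lzo or any(a and a[0] in COMPRESSING for a in opts.get("compress", [])):
        findings.append("compression enabled: disable it on server and client together")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

Compression settings have to match on both ends, so the `compress lzo` finding here corresponds to the `comp-lzo` entry in the server's advanced options.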
2. Test tunnel connectivity from a Windows 7 host on the Beijing site's internal network
a. Configure the Viscosity client
Troubleshooting log:
======================= End